5 Unvalidated data

This chapter covers

Understanding which parts of HTTP may be manipulated
Using model validation in ASP.NET Core
Preventing mass assignment

In 2012, Russian developer Egor Homakov started a discussion on the GitHub issue tracker for the Ruby on Rails framework (if you’re interested, here is the whole thread: https://github.com/rails/rails/issues/5228). He was worried about a specific attack called mass assignment, and whether Ruby on Rails should change its default behavior to prevent developers from falling into this trap. Not happy with the arguably stern replies he got, he searched and found a mass assignment security issue in GitHub (which, in turn, has been developed in Ruby on Rails). As a result, he managed to grant ...

Get ASP.NET Core Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ASP.NET Core Security by Christian Wenz

5 Unvalidated data

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly